Example 96 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class EXistURIResolver, method databaseSource.

private Source databaseSource(final String path) throws TransformerException {
    final XmldbURI uri = XmldbURI.create(path);
    final DBBroker broker = db.getActiveBroker();
    final DocumentImpl doc;
    try {
        doc = broker.getResource(uri, Permission.READ);
        if (doc == null) {
            LOG.error("Document {} not found", path);
            throw new TransformerException("Resource " + path + " not found in database.");
        }
        final Source source;
        if (doc instanceof BinaryDocument) {
            /*
             * NOTE: this is extremely unpleasant as we let a reference to the blob file
             * escape from the closure into the StreamSource. This means that the file could have been deleted
             * by the time the user comes to access the StreamSource, however this was also
             * the case with eXist-db's previous design, and due to the lack of resource
             * management of the StreamSource class, there is little we can do to improve
             * the situation - AR.
             */
            try (final Txn transaction = broker.getBrokerPool().getTransactionManager().beginTransaction()) {
                source = broker.withBinaryFile(transaction, (BinaryDocument) doc, p -> {
                    final StreamSource source1 = new StreamSource(p.toFile());
                    source1.setSystemId(p.toUri().toString());
                    return source1;
                });
                transaction.commit();
                return source;
            }
        } else {
            source = new EXistDbSource(broker, doc);
            source.setSystemId(uri.toASCIIString());
            return source;
        }
    } catch (final PermissionDeniedException | TransactionException | IOException e) {
        throw new TransformerException(e.getMessage(), e);
    }
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) Txn(org.exist.storage.txn.Txn) Array(java.lang.reflect.Array) BrokerPool(org.exist.storage.BrokerPool) TransformerException(javax.xml.transform.TransformerException) URL(java.net.URL) URISyntaxException(java.net.URISyntaxException) StreamSource(javax.xml.transform.stream.StreamSource) URIResolver(javax.xml.transform.URIResolver) IOException(java.io.IOException) Source(javax.xml.transform.Source) PermissionDeniedException(org.exist.security.PermissionDeniedException) TransactionException(org.exist.storage.txn.TransactionException) Logger(org.apache.logging.log4j.Logger) DBBroker(org.exist.storage.DBBroker) XmldbURI(org.exist.xmldb.XmldbURI) DocumentImpl(org.exist.dom.persistent.DocumentImpl) URI(java.net.URI) LogManager(org.apache.logging.log4j.LogManager) BinaryDocument(org.exist.dom.persistent.BinaryDocument) Permission(org.exist.security.Permission)

Example 97 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class AccountFunctions, method eval.

@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final SecurityManager sm = context.getBroker().getBrokerPool().getSecurityManager();
    final LDAPRealm ldapRealm = getLdapRealm(sm);
    final String accountName = args[0].itemAt(0).getStringValue();
    final Account ldapAccount = sm.getAccount(accountName);
    if (ldapAccount == null)
        throw new XPathException("The Account '" + accountName + "' does not exist!");
    try {
        ldapRealm.refreshAccountFromLdap(ldapAccount);
    } catch (final PermissionDeniedException | AuthenticationException pde) {
        throw new XPathException(this, pde);
    }
    return Sequence.EMPTY_SEQUENCE;
}
Also used : Account(org.exist.security.Account) SecurityManager(org.exist.security.SecurityManager) LDAPRealm(org.exist.security.realm.ldap.LDAPRealm) XPathException(org.exist.xquery.XPathException) AuthenticationException(org.exist.security.AuthenticationException) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Example 98 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class ExistDocument, method lock.

/**
 * Lock document.
 *
 * @param inputToken Lock token.
 * @return Input lock token.
 * @throws PermissionDeniedException Permission denied
 * @throws DocumentAlreadyLockedException Document is already locked
 * @throws EXistException Generic existdb exception
 */
public LockToken lock(LockToken inputToken) throws PermissionDeniedException, DocumentAlreadyLockedException, EXistException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("create lock {}", xmldbUri);
    }
    // Try to get document
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
        final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.WRITE_LOCK)) {
        final DocumentImpl document = lockedDocument.getDocument();
        if (document == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No resource found for path: {}", xmldbUri);
            }
            // return null; // throw exception?
            throw new EXistException("No resource found.");
        }
        // Get current userlock
        Account userLock = document.getUserLock();
        // Check if Resource is already locked. @@ToDo
        if (userLock != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Resource was already locked, ignored.");
            }
        }
        if (userLock != null && userLock.getName() != null && !userLock.getName().equals(subject.getName()) && !subject.hasDbaRole()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Resource is locked by user {}.", userLock.getName());
            }
            throw new PermissionDeniedException(userLock.getName());
        }
        // Check for request for shared lock. @@TODO
        if (inputToken.getScope() == LockToken.LockScope.SHARED) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Shared locks are not implemented.");
            }
            throw new EXistException("Shared locks are not implemented.");
        }
        // Update locktoken
        inputToken.setOwner(subject.getName());
        inputToken.createOpaqueLockToken();
        // inputToken.setTimeOut(inputToken.getTimeOut());
        inputToken.setTimeOut(LockToken.LOCK_TIMEOUT_INFINITE);
        // Update document
        document.setLockToken(inputToken);
        document.setUserLock(subject);
        // Make token persistent
        final TransactionManager txnManager = brokerPool.getTransactionManager();
        try (final Txn txn = txnManager.beginTransaction()) {
            broker.storeMetadata(txn, document);
            txnManager.commit(txn);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully retrieved token");
        }
        return inputToken;
    } catch (EXistException | PermissionDeniedException e) {
        LOG.error(e);
        throw e;
    } catch (TriggerException e) {
        LOG.error(e);
        throw new EXistException(e);
    } finally {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Finished create lock");
        }
    }
}
Also used : Account(org.exist.security.Account) DBBroker(org.exist.storage.DBBroker) TransactionManager(org.exist.storage.txn.TransactionManager) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) Txn(org.exist.storage.txn.Txn) TriggerException(org.exist.collections.triggers.TriggerException) DocumentImpl(org.exist.dom.persistent.DocumentImpl)

Example 99 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class ExistDocument, method stream.

/**
 * Stream document to framework.
 *
 * @param os Outputstream.
 * @throws IOException IO exception
 * @throws PermissionDeniedException permission is denied.
 */
public void stream(OutputStream os) throws IOException, PermissionDeniedException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Stream started");
    }
    long startTime = System.currentTimeMillis();
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject))) {
        // If it is not a collection, check if it is a document
        try (final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.READ_LOCK)) {
            final DocumentImpl document = lockedDocument.getDocument();
            if (document.getResourceType() == DocumentImpl.XML_FILE) {
                try {
                    serialize(broker, document, os);
                    os.flush();
                } catch (SAXException e) {
                    LOG.error(e);
                    throw new IOException(String.format("Error while serializing XML document: %s", e.getMessage()), e);
                }
            } else {
                // Stream NON-XML document
                broker.readBinaryResource((BinaryDocument) document, os);
                os.flush();
            }
        }
    } catch (EXistException e) {
        LOG.error(e);
        throw new IOException(e.getMessage());
    } catch (PermissionDeniedException e) {
        LOG.error(e);
        throw e;
    } finally {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Stream stopped, duration {} msec.", System.currentTimeMillis() - startTime);
        }
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) IOException(java.io.IOException) EXistException(org.exist.EXistException) DocumentImpl(org.exist.dom.persistent.DocumentImpl) SAXException(org.xml.sax.SAXException)

Example 100 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class ExistDocument, method getCurrentLock.

/**
 * Get lock token from database.
 *
 * @return current lock token.
 */
public LockToken getCurrentLock() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Get current lock {}", xmldbUri);
    }
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
        final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.READ_LOCK)) {
        final DocumentImpl document = lockedDocument.getDocument();
        if (document == null) {
            LOG.debug("No resource found for path: {}", xmldbUri);
            return null;
        }
        // TODO consider. A Webdav lock can be set without subject lock.
        Account lock = document.getUserLock();
        if (lock == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Document {} does not contain userlock", xmldbUri);
            }
            return null;
        }
        // Retrieve Locktoken from document metadata
        org.exist.dom.persistent.LockToken token = document.getLockToken();
        if (token == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Document meta data does not contain a LockToken");
            }
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully retrieved token");
        }
        return token;
    } catch (EXistException | PermissionDeniedException e) {
        LOG.error(e);
        return null;
    } finally {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Finished probe lock");
        }
    }
}
Also used : Account(org.exist.security.Account) DBBroker(org.exist.storage.DBBroker) LockToken(org.exist.dom.persistent.LockToken) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) DocumentImpl(org.exist.dom.persistent.DocumentImpl)

Aggregations

PermissionDeniedException (org.exist.security.PermissionDeniedException) 182
EXistException (org.exist.EXistException) 82
XmldbURI (org.exist.xmldb.XmldbURI) 70
IOException (java.io.IOException) 58
DocumentImpl (org.exist.dom.persistent.DocumentImpl) 48
Collection (org.exist.collections.Collection) 44
DBBroker (org.exist.storage.DBBroker) 41
Txn (org.exist.storage.txn.Txn) 38
LockException (org.exist.util.LockException) 35
SAXException (org.xml.sax.SAXException) 35
LockedDocument (org.exist.dom.persistent.LockedDocument) 31
XPathException (org.exist.xquery.XPathException) 31
Permission (org.exist.security.Permission) 23
URISyntaxException (java.net.URISyntaxException) 22
TriggerException (org.exist.collections.triggers.TriggerException) 22
Source (org.exist.source.Source) 20
Path (java.nio.file.Path) 19
Account (org.exist.security.Account) 18
InputSource (org.xml.sax.InputSource) 18
Sequence (org.exist.xquery.value.Sequence) 17